| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in an information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration file resulting in an XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2: 11.02.05.10.02. |
| Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions. |
| Unauthenticated Local File Inclusion in Skyward <= 1.10 versions. |
| Unauthenticated Local File Inclusion in Preservation <= 1.10 versions. |
| Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Metro Magazine: from n/a through 1.3.7. |
| A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files. |
| CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions. |
| An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. |
| Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions. |
| Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions. |
| Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions. |
| Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7 versions. |
| Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions. |
| Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions. |
| Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions. |
| Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions. |
| Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions. |
| Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions. |
| Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions. |